Ransomware Attacks and Strategies

Ransomware attacks are among the most intrusive and disruptive cyberthreats that the corporate world and society face today. Ransomware has reached epidemic proportions and affects every kind of business, and any device that runs an operating system can be the entry point of a ransomware attack. Industry estimates put the frequency at one ransomware attack every 11 seconds in 2021.

Ransomware attacks have been successful because a data privacy leak can cause serious harm and threaten the business continuity of any organization, so victims are more willing to pay the ransom.

The impact of ransomware matters because the data is weaponized against every property of the CIA model of any organization: Confidentiality (exfiltrated data is leaked or sold), Integrity (files are altered or replaced) and Availability (files and systems are encrypted and held hostage).

Many ransomware attacks have succeeded because of missing security measures in the infrastructure, but also because of data privacy breaches in which the attacker was able to collect Personally Identifiable Information (PII) or even escalate privileges over the security systems in place.

The root causes and the industries exposed to ransomware vary widely, and the sophistication and frequency of these attacks have evolved at a fast pace.

One characteristic of ransomware attacks is that they range from broad, opportunistic campaigns to highly targeted attacks on specific organizations, private or public, and even on particular individuals.

The best sequence of strategies for protection against a ransomware attack is the following:

  • Prepare

One part of the Prepare stage is evaluation: knowing the maturity of any security framework implemented in the organization, measured through a cybersecurity maturity model. A second part of the Prepare stage is meeting the security requirements of that framework, of the relevant certifications and of regulations such as the General Data Protection Regulation (GDPR).

  • Prevent 

Zero Trust Architecture is one of the key factors in preventing most common cyber attacks.

Another important strategy is to have a plan in place for training employees in cybersecurity best practices, that is, how to keep the IT infrastructure hygienic and operating securely.

Multi-factor authentication, role-based access control and logging are must-haves of a Zero Trust cybersecurity strategy and reduce the attack surface of any IT infrastructure.

  • Detect 

Operations are the key to this strategy: controls and systems must be in place that log, detect and remediate an event as it is detected in the Security Information and Event Management (SIEM) platform operated by the Security Operations Center (SOC).
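As an added illustration of what the Detect stage looks like in practice (example code written for this page, not part of the original text or of any SIEM product), the following script runs two ransomware detection rules over constructed log lines: a command-line rule for shadow-copy deletion and boot-recovery tampering (MITRE ATT&CK T1490, Inhibit System Recovery), and a burst rule for many files being renamed to a new extension on one host in a short window, which is what bulk encryption looks like from a file-event source. The JSON-lines log schema (`ts`, `host`, `type`, `cmdline`, `old`, `new`), the thresholds and the sample events are all assumptions made for this example.

```python
"""Added example: two ransomware detection rules over constructed log lines.

Rule 1 - recovery_inhibit: command lines that delete shadow copies, delete the
         backup catalog or disable boot recovery (ATT&CK T1490).
Rule 2 - mass_rename: RENAME_THRESHOLD extension-changing renames on one host
         within WINDOW_SECONDS, the footprint of bulk file encryption.

The log schema, thresholds and sample events are assumptions for this example.
"""
import json
import re
from collections import defaultdict, deque
from datetime import datetime

# Real command-line patterns commonly used to inhibit recovery; matched case-insensitively.
RECOVERY_INHIBIT_PATTERNS = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog", re.I),
    re.compile(r"bcdedit(\.exe)?\s+/set\s+\{default\}\s+recoveryenabled\s+no", re.I),
]
RENAME_THRESHOLD = 5   # extension-changing renames ...
WINDOW_SECONDS = 60    # ... within this many seconds on one host (assumed tuning)


def _ext(name):
    """Lower-cased file extension, or '' when there is none."""
    return name.rsplit(".", 1)[1].lower() if "." in name else ""


def detect(log_lines):
    """Return a list of {rule, host, evidence} alerts; each rule fires once per host."""
    # Sort by timestamp so the sliding window is correct even for unordered input.
    events = sorted((json.loads(line) for line in log_lines), key=lambda e: e["ts"])
    alerts, fired = [], set()
    renames = defaultdict(deque)   # host -> timestamps of recent extension changes

    def alert(rule, host, evidence):
        if (rule, host) not in fired:
            fired.add((rule, host))
            alerts.append({"rule": rule, "host": host, "evidence": evidence})

    for ev in events:
        host, ts = ev["host"], datetime.fromisoformat(ev["ts"])
        if ev["type"] == "process":
            if any(p.search(ev["cmdline"]) for p in RECOVERY_INHIBIT_PATTERNS):
                alert("recovery_inhibit", host, ev["cmdline"])
        elif ev["type"] == "file_rename" and _ext(ev["old"]) != _ext(ev["new"]):
            window = renames[host]
            window.append(ts)
            # Evict renames older than the window before counting.
            while (ts - window[0]).total_seconds() > WINDOW_SECONDS:
                window.popleft()
            if len(window) >= RENAME_THRESHOLD:
                alert("mass_rename", host,
                      f"{len(window)} extension changes within {WINDOW_SECONDS}s, "
                      f"last {ev['old']} -> {ev['new']}")
    return alerts


# Constructed sample log: WS-007 is benign, WS-042 shows both ransomware behaviours.
SAMPLE_LOGS = [
    '{"ts": "2024-03-01T08:50:00", "host": "WS-042", "type": "file_rename", "old": "old.bak", "new": "old.bak.locked"}',
    '{"ts": "2024-03-01T09:00:00", "host": "WS-007", "type": "process", "cmdline": "vssadmin.exe list shadows"}',
    '{"ts": "2024-03-01T09:00:05", "host": "WS-007", "type": "file_rename", "old": "report.tmp", "new": "report.docx"}',
    '{"ts": "2024-03-01T09:10:00", "host": "WS-042", "type": "process", "cmdline": "cmd.exe /c vssadmin.exe Delete Shadows /All /Quiet"}',
    '{"ts": "2024-03-01T09:10:02", "host": "WS-042", "type": "file_rename", "old": "contracts/q1.docx", "new": "contracts/q1.docx.locked"}',
    '{"ts": "2024-03-01T09:10:04", "host": "WS-042", "type": "file_rename", "old": "contracts/q2.xlsx", "new": "contracts/q2.xlsx.locked"}',
    '{"ts": "2024-03-01T09:10:06", "host": "WS-042", "type": "file_rename", "old": "contracts/q3.pdf", "new": "contracts/q3.pdf.locked"}',
    '{"ts": "2024-03-01T09:10:08", "host": "WS-042", "type": "file_rename", "old": "contracts/q4.docx", "new": "contracts/q4.docx.locked"}',
    '{"ts": "2024-03-01T09:10:10", "host": "WS-042", "type": "file_rename", "old": "budget.xlsx", "new": "budget.xlsx.locked"}',
    '{"ts": "2024-03-01T09:10:12", "host": "WS-042", "type": "file_rename", "old": "plan.pptx", "new": "plan.pptx.locked"}',
]

if __name__ == "__main__":
    for a in detect(SAMPLE_LOGS):
        print(a)
```

The 08:50 rename on WS-042 is deliberately outside the window, so it is evicted and the burst rule fires only on the fifth rename of the 09:10 run; a benign `vssadmin list shadows` on WS-007 does not match the deletion pattern. In a real SIEM both rules would be tuned per environment (backup agents legitimately delete shadow copies, and some build jobs rename files in bulk), which is why each alert carries its evidence for the analyst.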

  • Remediate

This stage requires developing a Business Continuity Plan (BCP).

Remediation goes together with the Recover strategy, since one of the important actions is restarting applications as fast as possible while the recovery keeps the services reliable.

  • Recover

The Disaster Recovery Plan (DRP) is part of the recovery strategy, but it has to be planned ahead. This strategy also requires evaluating the procedures for backing up data and for encrypting data at rest and in transit.
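One concrete check a Recover plan should include is verifying that the backups are still what was written, since ransomware routinely encrypts, renames or deletes reachable backup files before the ransom note appears. The following is an added example written for this page (not the original text's or any backup product's code): a backup manifest of SHA-256 digests authenticated with HMAC-SHA256 under a key that is assumed to be stored off the backup media, so that a restore can refuse backups that were altered and also refuse a manifest an attacker rewrote to match the altered files. The directory layout, file contents and simulated ransomware actions are constructed for the example.

```python
"""Added example: HMAC-authenticated backup manifest for restore verification.

Assumptions (not from the original page): backups are a directory tree, the
manifest key lives separately from the backup media (offline or in a vault),
and SHA-256 is the per-file digest.
"""
import hashlib
import hmac
import json
import os
import secrets
import tempfile


def _sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def _listing(backup_dir):
    """Relative, slash-separated paths of every file under backup_dir."""
    rels = set()
    for root, _, names in os.walk(backup_dir):
        for n in names:
            rel = os.path.relpath(os.path.join(root, n), backup_dir)
            rels.add(rel.replace(os.sep, "/"))
    return rels


def _canonical(files):
    return json.dumps(files, sort_keys=True, separators=(",", ":")).encode()


def build_manifest(backup_dir, key):
    """Digest every file and authenticate the whole table with HMAC-SHA256."""
    files = {rel: _sha256_file(os.path.join(backup_dir, rel)) for rel in _listing(backup_dir)}
    tag = hmac.new(key, _canonical(files), hashlib.sha256).hexdigest()
    return {"files": files, "hmac": tag}


def verify_backup(backup_dir, manifest, key):
    """Return (manifest_authentic, problems) where problems maps path -> reason.

    The HMAC is checked first: a manifest that fails it tells us nothing about
    the files, because an attacker who can rewrite the backups can rewrite an
    unauthenticated digest table to match them.
    """
    expected = hmac.new(key, _canonical(manifest["files"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["hmac"]):
        return False, {"<manifest>": "hmac mismatch: manifest itself was altered"}
    present = _listing(backup_dir)
    problems = {}
    for rel, digest in manifest["files"].items():
        if rel not in present:
            problems[rel] = "missing"
        elif _sha256_file(os.path.join(backup_dir, rel)) != digest:
            problems[rel] = "content changed"
    for rel in present - set(manifest["files"]):
        problems[rel] = "unexpected file (not in manifest)"
    return True, problems


def demo():
    """Build a backup, record its manifest, simulate ransomware, then verify."""
    key = secrets.token_bytes(32)   # in practice kept off the backup media
    with tempfile.TemporaryDirectory() as d:
        os.makedirs(os.path.join(d, "finance"))
        with open(os.path.join(d, "finance", "ledger.csv"), "w") as f:
            f.write("2024-01-01,invoice,1200\n")          # constructed content
        with open(os.path.join(d, "notes.txt"), "w") as f:
            f.write("quarterly review\n")                  # constructed content
        manifest = build_manifest(d, key)
        clean = verify_backup(d, manifest, key)
        # Simulated ransomware: overwrite one file, rename another with a ransom extension.
        with open(os.path.join(d, "finance", "ledger.csv"), "wb") as f:
            f.write(secrets.token_bytes(64))
        os.rename(os.path.join(d, "notes.txt"), os.path.join(d, "notes.txt.locked"))
        tampered = verify_backup(d, manifest, key)
        # Attacker also regenerates the manifest to match, but without the real key.
        forged_ok, _ = verify_backup(d, build_manifest(d, b"wrong-key"), key)
        return clean, tampered, forged_ok


if __name__ == "__main__":
    print(demo())
```

The manifest protects only what it covers: it detects encrypted, deleted and planted files, but not a backup that was never taken, so the DRP still needs an independent restore test on a schedule.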

How do you define Risk?

Risk can be defined as the uncertainty about the effects or implications of any activity with respect to something that humans, processes or organizations value, often focusing on the negative and undesirable consequences or outcomes that were not forecast.

+ Risk is an essential part of any business

+ Understand risk exposure

+ Ensure risk is within risk appetite

What are the Elements of Risk?

A risk assessment brings together:

+ Threat and its Likelihood

+ Vulnerabilities

+ Impact

+ Controls

What are the Risk Treatments?

+ Risk Acceptance

+ Risk Avoidance

+ Risk Transfer

+ Risk Mitigation

Multi-Tiered Control Strategy

Threats <— Reduces — Deterrent controls

Vulnerabilities <— Reduces — Preventive controls

Incidents <— Detects — Detective controls

Impacts <— Reduces — Corrective controls

NIST SP 800-30

Guide for Conducting Risk Assessments


This video discusses the interrelation and complexity of identity, data privacy, cybersecurity, artificial intelligence and data anonymization processes in banks, public institutions and even fintechs, and mentions regulations such as the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), Brazil's LGPD (Lei Geral de Proteção de Dados) and Mexico's Ley General de Protección de Datos Personales.

This video discusses how cyber attacks can alter the course of crypto assets and, as a consequence, the appreciation of their value. It also covers some of the history that has given Bitcoin and crypto assets a certain image in relation to cybercrime, such as ransomware attacks and the fact that the ransoms are collected mainly in Bitcoin, and it describes the groups vulnerable to these ransomware attacks, from individuals to corporations. From there it moves on to the SHA (Secure Hash Algorithm) family of hash functions. It also introduces the importance of core cybersecurity concepts as investment criteria in the crypto world, since cyber attacks have produced soft and hard forks that changed the course of some crypto assets and even the concepts and capabilities of decentralization in blockchain architectures. In the crypto world, today's paradigms are broken by cyber hacks, and those same events create new paradigms that generate new consensus systems and governance rules, which in turn lead to new incentive models and value appreciation.